Maintain Your Server
Over a period of time, the software on your Linux server will become quite out of date. There are many reasons why you might wish to update to a later version of a program or service on your Linux server, increased functionality, new features and bug fixes are to name just a few.
The most pressing reason to update the software on your Linux server would have to be in response to a security issue.
Unfortunately, the older the software you use, the longer it has been around and the more likely that someone has discovered a security flaw or exploit in that software. It is inevitable that you will need to upgrade something at some point to keep your Linux server safe.
The strategy that you would undertake to ensure that your Linux server is kept up to date is dependent on the distribution of Linux that you use.
The strategy that you would undertake to ensure that your Linux server is kept up to date is dependent on the distribution of Linux that you use.
Many distributions now automatically update themselves or use package managers such as aptitude that allow you to easily check and upgrade your Linux server with the minimum of fuss and user impact.
If this facility is available to you then by all means use it. In more traditional distributions of Linux, it may be necessary to upgrade your Linux server the good old-fashioned way, by compiling and installing the new package yourself. This is not as difficult as it may first sound and it is easy to track what may need to be upgraded.
Simply make a list or spreadsheet of the programs and services that your Linux server runs and visit the websites for these packages on a regular basis to see if a new version has been released. The release notes for the new version will tell you why the new version has been released and whether or not it is a security update.
Turn Off Unused Services
If a service is not present or not running it cannot be exploited. There's no point in running bind on a machine that is not used as a nameserver. Or running apache on your Linux server if when you point a web browser at it all it has is a page proclaiming It Works! Of course, if the cache is poisoned on a nameserver nobody uses it's unlikely that anyone will ever notice, let alone be affected by it.
This doesn't hold true in all situations however, DNS servers are often run in a chroot prison with good reason.
Consider the potential damage possible if a Samba server had a security flaw that allowed an attacker to easily drop their payload directly onto your Linux server. If a service is not running it cannot be exploited regardless of its state.